• Status: Solved
  • Priority: Medium
  • Security: Public

TrueCrypt - Finding balance between usability and security

I have a file server in a location which is a little out of the way. I understand that encrypting the system drive with TrueCrypt means that authentication happens pre-boot. This would mean that physical access to the server is required after each restart (currently all [software] admin work is done through Remote Desktop).

My questions are:

a) Does encrypting the system drive increase data security if confidential information is already encrypted on an external drive, and the OS is basically a clean-install shell...

b) If system drive encryption is to be used, is it possible to have automatic encryption authentication? Does this sound a little pointless?!? The user account would still have a password though...

Feedback welcome!

Thanks guys
2 Solutions
Garry Glendown, Consulting and Network/Security Specialist, commented:
As for encrypting the system drive, keep in mind that Windows does all kinds of things all over the place, storing temporary files, swap files, etc. on the system drive, so you have no say over where confidential information might end up when it is loaded off the external drive. From that point of view, yes, encrypting the system drive will increase the security of the data.

Not sure what you mean with the encryption authentication though ...
Rob Knight, Consultant, commented:

Do you have a KVM-over-IP solution on the server, such as iLO or DRAC? Would having access to this not enable you to authenticate via that console?


First of all: are you open to alternatives?
If your server (what OS?) is Windows Server 2008, you could use BitLocker. And IF, yes, if the mainboard supports it, let BitLocker use the TPM chip of the board. This would be whole-disk encryption without a password and without the need for someone to be present at reboots.
"Would that be secure?", you might ask. It depends. If someone manages to cold-boot attack your server (see http://www.youtube.com/watch?v=JDaicPIgn9U for a demonstration), your data will be lost. The second way to get to your data would be the infamous FireWire hack http://www.youtube.com/watch?v=5N-C5s_07Ts - applicable only if a FireWire port is present.
So you see, there are ways in and those are realistic. To have an entire system encrypted AND 100% secure AND handsfree (no password) is NOT possible - period.

What IS possible hands-free is using TrueCrypt together with a keyfile. Let me explain:
Your file server (Windows, I suppose) will have 2 partitions, OS and data. If you don't care about the OS partition (you should not need to care about the pagefile, because the restricted documents do not get worked on at the server itself), just use TrueCrypt to encrypt the data partition using no password but a keyfile (TC offers to do so). Now place that keyfile on a share of a remote server that no one has physical access to but you. Share permissions and NTFS permissions of that keyfile will have to be restricted, too (in our domain, we use the system account: fileserver$).
Next, create a scheduled task on your file server that uses truecrypt.exe scripted (batch script). TC can mount your whole partition using that keyfile totally unattended that way. Afterwards, restart the Server service with that script, too, to recreate the shares [shares are created at system startup normally - as we have to mount first, we need to use sc.exe to restart the Server service afterwards]. Done. This is how our company solved that problem.

Now what would happen if a thief comes and steals the server? The data partition is encrypted, the thief would need the keyfile. Without, he is lost. So his only possibility to get to the data would again be the cold boot attack and firewire BUT this time he would have to perform this attack while the data partition is mounted which means RIGHT AT YOUR COMPANY and not in his cosy hideout with lots of time and planning. Once he turns off the machine, the keyfile is gone.

Two last things:
1. You will need to be aware that this keyfile is really important, and keep a backup of it secured somewhere. Best would be to keep it on two servers' shares and use the second one if the first one is not available. Remember: both of these servers need to be physically secured.
2. Adjust your file server backup to your new needs.

One more thing about the scheduled task that does the mounting: it must be run at system startup (and, as I proposed, using the SYSTEM account, which does not need a password to be entered; leave it blank if asked for one).
> Feedback welcome!
Same on my side :)
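The startup procedure described in the answer above (fetch the keyfile from a restricted remote share, mount the data partition unattended, then restart the Server service so the shares come back), as an added example. This is not the poster's own batch script; it is a PowerShell script written for this page, and every path, share name, drive letter and the partition device name in it are assumptions you would replace with your own. It runs as SYSTEM from a scheduled task, so the SMB identity presented to the key server is the machine account (fileserver$ in the poster's setup), which is the account the share and NTFS ACLs must grant read access to. It also handles the two failure modes the answer glosses over: the key server not being reachable yet right after boot (network comes up after the task starts), and a mount that silently fails, in which case the Server service is left alone rather than restarted with no data drive behind the shares.

```powershell
# Mount-TCData.ps1 -- added example, not from the original post.
# Register once (run as administrator; everything below is an assumed name):
#   schtasks /Create /TN "Mount TrueCrypt data" /SC ONSTART /RU SYSTEM /RL HIGHEST ^
#     /TR "powershell.exe -NonInteractive -ExecutionPolicy Bypass -File C:\Scripts\Mount-TCData.ps1"

$TrueCrypt = 'C:\Program Files\TrueCrypt\TrueCrypt.exe'   # assumed install path
$Volume    = '\Device\Harddisk0\Partition2'               # assumed: the data partition (device name as shown in TrueCrypt's volume selector)
$Letter    = 'D'                                          # drive letter the shares are defined on
$KeyPaths  = @(
    '\\KEYSRV1\tckeys$\fileserver.key',                   # assumed primary key server (physically secured)
    '\\KEYSRV2\tckeys$\fileserver.key'                    # assumed second copy, used only if the first is unreachable
)
$Log       = 'C:\Scripts\Mount-TCData.log'

function Write-Log([string]$Msg) {
    Add-Content -Path $Log -Value ('{0:u} {1}' -f (Get-Date), $Msg)
}

# Idempotent: if the task is re-run by hand and the volume is already there, do nothing.
if (Test-Path -LiteralPath "${Letter}:\") {
    Write-Log "Drive ${Letter}: already present, skipping mount"
    exit 0
}

# At system start the network stack may not be ready, so poll the key servers for a while
# instead of failing on the first attempt. The keyfile is read straight from the share and
# is never copied to the local disk, which is the whole point of the scheme.
$KeyFile = $null
for ($attempt = 1; $attempt -le 10 -and -not $KeyFile; $attempt++) {
    foreach ($p in $KeyPaths) {
        if (Test-Path -LiteralPath $p) { $KeyFile = $p; break }
    }
    if (-not $KeyFile) {
        Write-Log "Attempt ${attempt}: no keyfile server reachable, retrying in 15 s"
        Start-Sleep -Seconds 15
    }
}
if (-not $KeyFile) {
    Write-Log 'Giving up: data partition stays encrypted (shares will be missing until someone investigates)'
    exit 1
}

# TrueCrypt command line: /v volume, /l drive letter, /k keyfile, /p "" (empty password,
# keyfile only), /q run without the main window, /s suppress message boxes so the task
# cannot hang on a dialog nobody is there to click.
$tcArgs = "/v `"$Volume`" /l $Letter /k `"$KeyFile`" /p `"`" /q /s"
Write-Log "Mounting $Volume as ${Letter}: using keyfile from $KeyFile"
$proc = Start-Process -FilePath $TrueCrypt -ArgumentList $tcArgs -Wait -PassThru

# Do not rely on the exit code alone; the proof of a successful mount is the drive letter.
Start-Sleep -Seconds 3
if (-not (Test-Path -LiteralPath "${Letter}:\")) {
    Write-Log "Mount failed (TrueCrypt exit code $($proc.ExitCode)); leaving the Server service alone"
    exit 1
}
Write-Log "Mounted ${Letter}:"

# Shares defined on D: were skipped when the Server service started, because the drive did
# not exist yet. Restarting LanmanServer makes it re-create them (the poster does the same
# with sc.exe). -Force also bounces dependent services such as Computer Browser.
Restart-Service -Name LanmanServer -Force
Write-Log 'Server service restarted; shares re-created'
exit 0
```

Two points worth checking in your own deployment: the keyfile crosses the network at every boot, so the share should only be reachable from the trusted internal segment, and anyone who can read it can mount the volume, which is why the share and NTFS ACLs should name just the file server's computer account. Also, the script deliberately refuses to restart LanmanServer when the mount failed; a share that reappears pointing at an empty or non-existent D: is more confusing to users than a share that is simply absent.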
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
